Microsoft Windows HTTP Services Multiple Vulnerabilities( 15 April 2009 )

1. Windows HTTP Services Integer Underflow Vulnerability

A remote code execution vulnerability exists in the way that Windows HTTP Services handle specific values that are returned by a remote Web server. An attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with the same user rights as the service or application which calls the WinHTTP API to connect to the attacker's Web server.

2. Windows HTTP Services Certificate Name Mismatch Vulnerability

A spoofing vulnerability exists in Windows HTTP Services as a result of the incomplete validation of the distinguished name in a digital certificate. When combined with specific other attacks, such as DNS spoofing, this may allow an attacker to successfully spoof the digital certificate of a Web site for any application that uses Windows HTTP Services.

3. Windows HTTP Services Credential Reflection Vulnerability

A remote code execution vulnerability exists in the way that Windows HTTP Services handles NTLM credentials when a user connects to an attacker's Web server. This vulnerability allows an attacker to replay the user's credentials back to the attacker and execute code in the context of the logged-on user. If a user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.